Find and Fix Amazon Bedrock Misconfigurations with Datadog Cloud Security

Generative AI is rapidly shifting from pilot programs to full production, and Amazon Bedrock simplifies building AI applications on trusted foundation models. However, this speed can introduce risks. A single misconfiguration—such as overly broad permissions or missing guardrails—can result in data exposure, unexpected costs, or compliance issues. This guide explains how Datadog Cloud Security helps you identify and address Amazon Bedrock misconfigurations before they escalate into serious incidents.
Why Bedrock Security and Configuration Hygiene Matter
Amazon Bedrock offers managed access to leading foundation models with features designed for safety, privacy, and governance. Nevertheless, achieving secure outcomes depends on how you configure your environment. Common pitfalls include:
- Overly permissive IAM policies that allow `bedrock:*` or `bedrock:InvokeModel` access to broad principals.
- Agents and knowledge bases created without guardrails, content filters, or baseline safety settings.
- Knowledge base data in S3 buckets lacking encryption, public access blocks, or strict bucket policies.
- Insufficient logging and monitoring of Bedrock API activity and model invocations.
- Missing private connectivity to Bedrock endpoints when required for compliance.
These issues are preventable with proper controls and ongoing monitoring. AWS provides documentation on Bedrock security considerations, including IAM scoping, data protection, and logging options here. You can find guidance on Bedrock guardrails and safety settings here, and CloudTrail logging for Bedrock API calls is covered here. For information on implementing private connectivity, check the documentation on Bedrock VPC interface endpoints via AWS PrivateLink here.
How Datadog Cloud Security Helps
Datadog Cloud Security unifies posture management, detection, and response, enabling you to identify and rectify misconfigurations across your AWS accounts, including those involving Amazon Bedrock.
Posture Checks for Misconfigurations
With Cloud Security Posture Management (CSPM), Datadog continuously evaluates AWS resources and settings against recommended best practices. For Bedrock-centric workloads, you can uncover issues such as:
- IAM roles or users with broad `bedrock:*` or all-resource permissions that violate least privilege best practices (AWS IAM guidance).
- S3 buckets used by Bedrock knowledge bases that are public, lack encryption, or do not have bucket policies designed for least privilege (S3 security best practices).
- Agents or knowledge bases created without associated guardrails or safety baselines (AWS Guardrails).
- Bedrock endpoints accessed over the public internet when your policy mandates using PrivateLink (PrivateLink for Bedrock).
Datadog details CSPM capabilities for AWS and provides enabling instructions here.
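A posture check of the kind described above, written here as an added example (not Datadog's or AWS's code): it walks an IAM policy document and flags Allow statements that grant `bedrock:*` or any Bedrock action on every resource. The two policies are constructed samples with placeholder IDs; it does not evaluate permission boundaries, SCPs or resource policies, which a full CSPM evaluation also considers.

```python
"""Posture check: find IAM Allow statements that grant Amazon Bedrock too broadly."""
import json

# Constructed sample of the risky pattern: every Bedrock action on every resource.
BROAD_POLICY = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [{"Effect": "Allow", "Action": "bedrock:*", "Resource": "*"}]
}""")

# Constructed sample scoped to one model (placeholder ARNs, not real identifiers).
SCOPED_POLICY = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [
    {"Effect": "Allow",
     "Action": ["bedrock:InvokeModel", "bedrock:InvokeModelWithResponseStream"],
     "Resource": "arn:aws:bedrock:us-east-1::foundation-model/EXAMPLE-MODEL-ID"},
    {"Effect": "Deny", "Action": "bedrock:DeleteGuardrail", "Resource": "*"}
  ]
}""")

def _as_list(value):
    """IAM accepts a string or a list for Action/Resource; normalise to a list."""
    return [] if value is None else (value if isinstance(value, list) else [value])

def find_broad_bedrock_grants(policy):
    """Return one finding per Allow statement that (a) grants bedrock:* or a bare '*',
    or (b) grants any Bedrock action on every resource. NotAction/NotResource
    statements are flagged for manual review because their reach is hard to bound."""
    findings = []
    for idx, stmt in enumerate(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements narrow access; they never create a broad grant
        if "NotAction" in stmt or "NotResource" in stmt:
            findings.append({"statement": idx, "issue": "negated-match-review"})
            continue
        actions = [a.lower() for a in _as_list(stmt.get("Action"))]
        bedrock_actions = [a for a in actions if a == "*" or a.startswith("bedrock:")]
        if not bedrock_actions:
            continue
        resources = _as_list(stmt.get("Resource"))
        if any(a in ("*", "bedrock:*") for a in bedrock_actions):
            findings.append({"statement": idx, "issue": "all-bedrock-actions"})
        if "*" in resources:
            findings.append({"statement": idx, "issue": "all-resources",
                             "actions": bedrock_actions})
    return findings

if __name__ == "__main__":
    print(find_broad_bedrock_grants(BROAD_POLICY))   # two findings on statement 0
    print(find_broad_bedrock_grants(SCOPED_POLICY))  # []
```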
Threat Detection from Bedrock Activity
Datadog Cloud SIEM and detection rules analyze CloudTrail and other telemetry to catch risky changes and suspicious activity, such as:
- Creation or updates to Bedrock agents, knowledge bases, or guardrail configurations by unexpected principals.
- Permission changes that grant broad `bedrock:InvokeModel` or cross-account access contrary to your normal patterns.
- Disabling or failing to deliver logs that would document model invocations or agent interactions.
To learn more about logging the who, what, and when of Bedrock API calls, review AWS CloudTrail coverage for Bedrock here. Bedrock model invocation logging options are also outlined here.
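Detection logic for the activity listed above, as an added example rather than a Datadog rule: it scores constructed CloudTrail-shaped records (placeholder account ID and ARNs) against a small allow-list of principals expected to change Bedrock configuration. It assumes the Bedrock API operation names as event names, `bedrock.amazonaws.com` as the event source for all of them, and that a `CreateAgent` call's `guardrailConfiguration` appears in `requestParameters`.

```python
"""Detection logic, run over constructed CloudTrail records, for risky Bedrock changes."""
import json

# Constructed sample records in CloudTrail's JSON shape (IDs and ARNs are placeholders).
SAMPLE_EVENTS = [json.loads(line) for line in """
{"eventSource":"bedrock.amazonaws.com","eventName":"DeleteGuardrail","userIdentity":{"arn":"arn:aws:iam::111122223333:user/contractor"},"requestParameters":{"guardrailIdentifier":"EXAMPLE-GUARDRAIL-ID"}}
{"eventSource":"bedrock.amazonaws.com","eventName":"DeleteModelInvocationLoggingConfiguration","userIdentity":{"arn":"arn:aws:iam::111122223333:role/platform-admin"},"requestParameters":{}}
{"eventSource":"bedrock.amazonaws.com","eventName":"CreateAgent","userIdentity":{"arn":"arn:aws:iam::111122223333:role/ml-deployer"},"requestParameters":{"agentName":"support-bot"}}
{"eventSource":"bedrock.amazonaws.com","eventName":"CreateAgent","userIdentity":{"arn":"arn:aws:iam::111122223333:role/ml-deployer"},"requestParameters":{"agentName":"billing-bot","guardrailConfiguration":{"guardrailIdentifier":"EXAMPLE-GUARDRAIL-ID","guardrailVersion":"1"}}}
{"eventSource":"bedrock.amazonaws.com","eventName":"InvokeModel","userIdentity":{"arn":"arn:aws:iam::111122223333:role/ml-app"},"requestParameters":{"modelId":"EXAMPLE-MODEL-ID"}}
""".strip().splitlines()]

# Constructed allow-list: principals whose Bedrock configuration changes are expected.
APPROVED_CHANGE_PRINCIPALS = {"arn:aws:iam::111122223333:role/platform-admin"}
GUARDRAIL_EVENTS = {"CreateGuardrail", "UpdateGuardrail", "DeleteGuardrail"}
LOGGING_OFF_EVENTS = {"DeleteModelInvocationLoggingConfiguration"}
DELETE_EVENTS = {"DeleteAgent", "DeleteKnowledgeBase", "DeleteGuardrail"}

def evaluate_event(event):
    """Return a list of (rule, severity) tuples triggered by one CloudTrail record."""
    if event.get("eventSource") != "bedrock.amazonaws.com":
        return []
    name = event.get("eventName", "")
    actor = event.get("userIdentity", {}).get("arn", "unknown")
    params = event.get("requestParameters") or {}
    unexpected = actor not in APPROVED_CHANGE_PRINCIPALS
    hits = []
    if name in GUARDRAIL_EVENTS and unexpected:
        hits.append(("guardrail-changed-by-unexpected-principal", "high"))
    if name in DELETE_EVENTS and unexpected:
        hits.append(("bedrock-resource-deleted-by-unexpected-principal", "high"))
    if name in LOGGING_OFF_EVENTS:  # turning off invocation logging is always worth a look
        hits.append(("model-invocation-logging-disabled", "high" if unexpected else "medium"))
    if name == "CreateAgent" and "guardrailConfiguration" not in params:
        hits.append(("agent-created-without-guardrail", "medium"))
    return hits

def scan(events):
    """Collect findings for every record that triggers at least one rule."""
    findings = []
    for e in events:
        hits = evaluate_event(e)
        if hits:
            findings.append({"eventName": e["eventName"], "actor": e["userIdentity"]["arn"], "hits": hits})
    return findings

if __name__ == "__main__":
    for finding in scan(SAMPLE_EVENTS):  # three of the five sample records trigger rules
        print(finding)
```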
Unified Visibility and Faster Response
Datadog leverages a unified view of misconfigurations, API events, and runtime telemetry across services. Security findings appear alongside infrastructure metrics, logs, and traces, allowing responders to quickly transition from alert to root cause. If you already utilize AWS Security Hub, you can forward findings into Datadog to centralize triage. For setup guidance with AWS, refer to the Datadog documentation here, and find Security Hub integration notes here.
Getting Started: Connect AWS and Enable Checks
- Integrate Datadog with your AWS accounts using the Datadog AWS integration. This creates an AWS IAM role that Datadog can use to inventory resources and ingest CloudTrail, CloudWatch, and other telemetry. Instructions can be found here.
- Enable Cloud Security Posture Management and select the frameworks or control sets you want to monitor across accounts and regions. Check the CSPM setup guide here.
- Activate Cloud SIEM or detection rules to analyze CloudTrail events regarding sensitive Bedrock operations, starting with rules that alert on permission changes, guardrail modifications, and resource deletions.
- (Optional) Connect AWS Security Hub so that native findings flow into Datadog alongside any issues detected by Datadog.
Make sure to use least-privilege IAM for the Datadog integration role. Generally, permissions must include inventory and read actions for Bedrock, S3, KMS, CloudTrail, CloudWatch Logs, and EC2 VPC endpoints to validate private connectivity. Refer to Datadog’s AWS permissions guidance in the integration docs.
Example Detections and How to Respond
1) Broad Bedrock Permissions Granted
Signal: A role or user has been updated to include `bedrock:*` or grants `bedrock:InvokeModel` access across all resources.
Why it Matters: This violates least privilege principles and may lead to unintended model use or data access.
Response: Review the change in CloudTrail, scope permissions specifically to Bedrock actions, and restrict access to approved roles. Refer to AWS IAM guidance for Bedrock here.
2) Knowledge Base Bucket Publicly Accessible
Signal: An S3 bucket used by a Bedrock knowledge base is missing public access blocks or allows anonymous reads.
Why it Matters: This poses a risk of exposing proprietary data to the internet.
Response: Enable Block Public Access, enforce encryption with KMS, and tighten the bucket policy. For best practices, see S3 security guidelines here.
3) Agent Created Without Guardrails
Signal: A Bedrock agent or knowledge base is created without an associated guardrail or safety configuration.
Why it Matters: Lacking content filters and policies can result in unsafe or noncompliant outputs.
Response: Attach a guardrail policy, enable safety filters, and re-test. To learn about guardrails, refer to the documentation here.
4) Model Invocation Logging Not Configured
Signal: Bedrock model invocation logs are not sent to CloudWatch Logs or your chosen destination.
Why it Matters: Without proper logging, auditability and the ability to investigate misuse are compromised.
Response: Enable model invocation logging as per AWS guidance here and monitor log delivery in CloudWatch. Ensure coverage is validated with Datadog log-based monitors.
Best Practices for Secure Bedrock Adoption
- Apply least-privilege IAM for Bedrock actions and limit cross-account access.
- Implement guardrails and safety filters for agents and knowledge bases from the start.
- Protect knowledge base data with KMS encryption, private S3 access, and strict bucket policies.
- Activate CloudTrail and model invocation logging, forwarding logs to a centralized analytics platform.
- Utilize VPC interface endpoints for Bedrock if compliance or network policies call for private connectivity.
- Continuously assess posture with Datadog CSPM and set alerts for any drift using detection rules.
Conclusion
Amazon Bedrock is a powerful tool for accelerating generative AI, but it requires careful oversight and guardrails. Datadog Cloud Security empowers you to quickly detect and rectify misconfigurations with ongoing posture checks, threat detection from CloudTrail events, and an efficient response mechanism. This combination reduces risks while allowing your teams to maintain agility.
FAQs
What is Amazon Bedrock?
Amazon Bedrock is an AWS service that provides API access to leading foundation models along with tools for safety, orchestration, and governance. Learn more about it here.
What Are Common Bedrock Misconfigurations?
Typical issues include excessively broad IAM permissions, missing guardrails, publicly accessible or unencrypted knowledge base data, disabled logging, and lack of private connectivity when required.
How Does Datadog Compare to AWS Native Tools?
AWS services like Security Hub collect and score findings across AWS environments. Datadog enhances this by providing cross-cloud posture, detection, and rich observability context all in one location. You can ingest Security Hub findings into Datadog for integrated workflows.
Does Datadog See Model Prompts or Outputs?
By default, Datadog analyzes only the metadata and logs that you choose to forward. You retain control over what data is logged. Follow AWS guidance on model invocation logging and data management to comply with your privacy standards.
How Do I Start Monitoring Bedrock with Datadog?
Connect your AWS accounts to Datadog, enable CSPM and SIEM, and activate detection rules specific to Bedrock changes. After that, review findings and correct any misconfigurations.
Sources
- AWS – Security in Amazon Bedrock
- AWS – Guardrails for Amazon Bedrock
- AWS – Logging Bedrock API Calls with AWS CloudTrail
- AWS – Model Invocation Logging for Amazon Bedrock
- AWS – Amazon Bedrock VPC Interface Endpoints (PrivateLink)
- Datadog – Cloud Security Posture Management
- Datadog – AWS Integration
- Datadog – AWS Security Hub Integration
- AWS – Amazon S3 Security Best Practices
- AWS – Amazon Bedrock Service Page